Summary

Send an X-CSRFToken header when deleting integrations

Review Request #8490 — Created Oct. 25, 2016 and submitted Oct. 28, 2016, 2:20 p.m.

Information

Owner

brennie

Repository

Djblets

Branch

release-0.10.x

Bugs

Depends On

Reviewers

Groups

djblets

People

Description

Previously, integrations could not be deleted. The view required a CSRF
token to be submitted but we were not sending one. Now we check for a
CSRF token field in the form before executing our HTTP DELETE request
and, if present, we add the X-CSRFToken header to the request. This
allows integrations to be deleted.

Testing Done

Able to delete an integration with this patch applied.

Issues

Description	From	Last Updated
Because there's only ever one of these on the page, and .val() returns undefined when there are no matching elements, …	david	Oct. 26, 2016, 2:23 p.m.
There should only ever be one <input name="csrfmiddlewaretoken"> on the page, so this selector can just be $('input[name="csrfmiddlewaretoken"]')	david	Oct. 26, 2016, 2:48 p.m.

Tool: PEP8 Style Checker
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html



Tool: Pyflakes
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html

djblets/integrations/templates/integrations/configure_integration.html (Diff revision 1)

The issue has been resolved. Show all issues

Because there's only ever one of these on the page, and .val() returns undefined when there are no matching elements, this whole thing could be:

var csrfToken = $('input[name="csrfmiddlewaretoken"]').val();

if (csrfToken) {
    xhr.setRequestHeader('X-CSRFToken', csrfToken);
}

Diff:

Revision 2 (+12)

Show changes

djblets/integrations/templates/integrations/configure_integration.html

Tool: PEP8 Style Checker
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html



Tool: Pyflakes
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html

djblets/integrations/templates/integrations/configure_integration.html (Diff revision 2)

The issue has been resolved. Show all issues

There should only ever be one <input name="csrfmiddlewaretoken"> on the page, so this selector can just be $('input[name="csrfmiddlewaretoken"]')

Diff:

Revision 3 (+8)

Show changes

djblets/integrations/templates/integrations/configure_integration.html

Tool: PEP8 Style Checker
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html



Tool: Pyflakes
Ignored Files:
    djblets/integrations/templates/integrations/configure_integration.html

Ship it!

```
Ship It!
```

Status:: Completed
Change Summary:: Pushed to release-0.10.x (70b7578)